Tuebora Blog

Communicate Your IAM Intent Directly to You Applications

5

January

Irrespective of what business someone does, it is not easy to figure out the boundaries of access in an Organization. Be it undesired empowerment with excess access or being unable to perform one’s job function because of under access, the pain of figuring out the right access has always been a daunting task. How do I go about solving this?

Let me first put together a plan and budget for this. Should I do on-premise or on the Cloud? Well, I would dig deeper into this for sure. There is much talk about the Cloud and what it does to one’s business. The usual cliché of ‘your mileage might vary’ being applicable, it is hard not to embrace and engage with Cloud Technologies given that it certainly helps one to focus lot more on the business than the logistics of it. The value of an automated software solution diminishes if you require an army of people to get it to work. It is not just the cost but the dependency on folks of different skills which cuts down the benefits it set out to provide. I am better off trying with something small and see how it goes. If it meets my needs, then I know there is a model to scale up. If it doesn’t, then I know I need to do something different. I have to go this route – because I cannot risk it!

Now, let me look at who are the stakeholders in decision making of granting access. In a lot of cases, line managers have it figured out. In certain cases, those responsible for business processes have that knowledge. Then we have compliance folks whose input in this process is key. It is imperative that I have a forum that enables collaborative decision making – because I cannot risk it!

Then, I wonder I have all these different Information Assets and is there a solution that can deal with my heterogeneous environment? With my experience of managing access in various Assets, I have realized that I need govern each asset differently. Is there someone who can tell me what I need to do differently in each Asset?

This is all good, but I really don’t have time to navigate through myriad of access and figure out right access. It would be really nice to get a complete 360 view of User and Access granted to Users. That view should contain analysis that will throw light at out-of-ordinary access grants.

Little did I realize that addressing these pain points would mean that my Organization is on its way to attain Access Nirvana!